<?php
  include_once("session.php");   
  include_once("db.php");
  include_once('constants.php');
  
  // Gate the whole page on a valid session. The redirect itself is client-side
  // JavaScript, so the exit is what actually keeps an unauthenticated request
  // from reaching the password-change handler below; exit() with a string
  // prints that string and then terminates the script.
  if ( !IsSessionValid() ) {
    exit("<script>document.location='index.php';</script>");
  }
      
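  // Page-level status read by the template further down. Initialised here so a
  // plain page load (no submission) never reads an undefined variable.
  // NOTE: $error doubles as a "there is a message to show" flag, which is why
  // it is also set to true when the password was changed successfully.
  $error = false;
  $errordesc = '';

  // Accept the change over POST only. Taking the credentials from the query
  // string would leave the password hashes in server logs, browser history and
  // Referer headers, and would let a cross-site GET trigger the change.
  // NOTE(review): no anti-CSRF token is verified here and nothing visible in
  // this file provides one; add a per-session token check to this handler.
  if ( isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['secOldPassword']) ) {
    // Treat anything that is not a plain string (e.g. an array parameter) as missing.
    $oldPassword = is_string($_POST['secOldPassword']) ? $_POST['secOldPassword'] : '';
    $newPassword = ( isset($_POST['secNewPassword']) && is_string($_POST['secNewPassword']) ) ? $_POST['secNewPassword'] : '';

    // $sessionUserPrivileges / $sessionUserId are not defined in this file;
    // presumably session.php sets them - confirm.
    if ( $sessionUserPrivileges < 1) {
      $error = true;
      $errordesc = "You cannot change the password for this user.";
    }

    if ( empty($oldPassword) ) {
      $error = true;
      $errordesc = "You need to enter your old password.";
    }

    // Later checks overwrite earlier messages, so this one wins when several fail.
    if ( empty($newPassword) ) {
      $error = true;
      $errordesc = "You need to enter your new password.";
    }

    // NOTE(review): the values compared and stored are the MD5 digests computed
    // in the browser (see passwordSubmit), so the password column holds unsalted
    // MD5 and the digest itself is what the server checks. Moving to server-side
    // password_hash()/password_verify() needs a change to the form and to the
    // stored values, so it is flagged here rather than changed. The 6-character
    // minimum is likewise enforced only in the browser.
    if ( !$error ) {
      // Force the id to an integer before it is placed in the SQL text.
      $userId = (int) $sessionUserId;
      $conn = ADONewConnection($dbType);

      if ( !$conn || !$conn->PConnect($dbServer, $dbUser, $dbPassword, $dbName) ) {
        $error = true;
        $errordesc = "Invalid Password change. Please try again.";
      } else {
        //$conn->debug = true;
        $query = "select id_user from user where id_user = ".$userId." and password = ".$conn->qstr($oldPassword);
        $rs = $conn->Execute($query);

        if ( !$rs || $rs->EOF ) {
          // Query failed or the old password did not match: report it instead
          // of silently re-rendering the form.
          $error = true;
          $errordesc = "Invalid Password change. Please try again.";
        } else {
          // update user
          $query = "update user set password=".$conn->qstr($newPassword)." where id_user=".$userId;
          if ( !$conn->Execute($query) ) {
            $error = true;
            $errordesc = "Invalid Password change. Please try again.";
          } else {
            $error = true;
            $errordesc = "Password changed.";
          }
        }
      }
    }
  }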
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <title><?php echo $product_name;?></title>
    <link rel="stylesheet" href="css/main.css" type="text/css">
    <script type="text/javascript" src="scripts/md5.js"></script>       
    <script type="text/javascript">
      //<![CDATA[
      /**
       * onsubmit handler for the password form.
       *
       * Checks that the old and new passwords are filled in, that the new one
       * is at least 6 characters long and matches its confirmation. On success
       * it copies md5() of the old and new passwords into the hidden
       * secOldPassword / secNewPassword fields and blanks the visible fields.
       *
       * NOTE(review): these checks run only in the browser, and the MD5 digest
       * placed in the hidden fields is what gets submitted in place of the
       * password, so it does not protect the credential in transit; the page
       * still needs TLS and server-side validation.
       *
       * Returns true to let the form submit, false to block it.
       */
      function passwordSubmit() {
        var form = document.forms["passwordform"];

        // Show a message in the #error element, focus a field, block the submit.
        function reject(message, field) {
          document.getElementById("error").innerHTML = message;
          field.focus();
          return false;
        }

        if (form.oldPassword.value == '') {
          return reject("Please enter your old password.", form.oldPassword);
        }

        var candidate = form.newPassword.value;
        if (candidate == '') {
          return reject("Please enter your new password.", form.newPassword);
        }
        if (candidate.length < 6) {
          return reject("The new password must be at least 6 characters long.", form.newPassword);
        }

        if (candidate != form.reNewPassword.value) {
          // A mismatch wipes all three fields and restarts from the old password.
          document.getElementById("error").innerHTML = "Passwords don't match.";
          form.oldPassword.value = '';
          form.newPassword.value = '';
          form.reNewPassword.value = '';
          form.oldPassword.focus();
          return false;
        }

        // Hash into the hidden fields, then clear the visible inputs.
        form.secOldPassword.value = md5(form.oldPassword.value);
        form.oldPassword.value = '';
        form.secNewPassword.value = md5(form.newPassword.value);
        form.newPassword.value = '';
        form.reNewPassword.value = '';
        return true;
      }
    //]]>
    </script>          
  </head>
  <body>    
    <div id="main">
    <?php 
      include ("header.php");      
    ?>
                   
    <div id="content">                    
      <h1>Change Password</h1><br/>
      <p class="error" id="error">
        <?php         
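            // Guard so a request that never set $error / $errordesc renders the
            // blank line instead of raising undefined-variable notices.
            if ( !empty($error) && isset($errordesc) ) {
              // Escape for the HTML context (the page declares utf-8), so the
              // message can never be interpreted as markup.
              echo htmlspecialchars($errordesc, ENT_QUOTES, 'UTF-8');
            } else {
              echo "<br/>";
            }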
        ?>
      </p><br/>      
      <div id="contentcenter">      
        <form id="passwordform" class="mform" action="password.php" onsubmit="return passwordSubmit();" method="post" enctype="multipart/form-data">
        <table>
          <tr>
            <td><label for="oldPassword" accesskey="p">Old Password:</label></td>
            <td class="btext"><input type="password" name="oldPassword" id="oldPassword" size="25"/><input type="hidden" name="secOldPassword" id="secOldPassword" value=""/></td>
          </tr>
          <tr>
            <td><label for="newPassword" accesskey="n">New Password:</label></td>
            <td class="btext"><input type="password" name="newPassword" id="newPassword" size="25"/><input type="hidden" name="secNewPassword" id="secNewPassword" value=""/></td>
          </tr>
          <tr>
            <td><label for="reNewPassword" accesskey="r">Confirm New Password:</label></td>
            <td class="btext"><input type="password" name="reNewPassword" id="reNewPassword" size="25"/></td>
          </tr>                    
          <tr><td colspan="3"><hr/></td></tr>
          <tr>
            <td></td>            
            <td class="btn"><input type="submit" id="update" name="update" value="Update"/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
           </tr>          
        </table>
        </form>        
      </div>
    </div> <!-- content -->                         
    <?php 
      include ("footer.php");      
    ?>
    </div><!-- main -->
    <?php         
      include ("ga.php");
    ?>
  </body>
</html>
